note
naChoZ
<p>
[moritz] gave you the right answer. But if you're just looking for a simple way not to have to hard code a password into your script, I usually do something like this. I keep a file in my home directory, in this example <code>~/.ldap.secret</code>, protect with file permissions so that only I (or root / administrator) can access the file, then run a snippet like this (which is probably more complicated than necessary):
</p><p>
<code>
my $ldap_password = fetch_ldap_password({ filename => $ENV{HOME} . '/.ldap.secret' });
# ...
# {{{ sub fetch_ldap_password
#
sub fetch_ldap_password {
my $args = shift;
die "No password file specified\n" unless defined $args->{filename};
my $filename = $args->{filename};
my $password;
open( PW, "<$filename" )
or die "Error opening bindpw file $filename: $!\n\n";
foreach ( <PW> ) {
chomp;
$password = $_;
}
return $password;
}
</code>
</p>
<p>
This doesn't negate anything [moritz] said, the password is still essentially just sitting around to anyone with permission. But at least you don't have to hard code it. For a script that will be run by multiple people, the script should be using a database username that has been configured with adequate granted permissions on the database side itself to meet the needs of the script accessing the db.
</p>
<div class="pmsig"><div class="pmsig-87699">
<p>
-- <br />
naChoZ
</p>
<p>Therapy is expensive. Popping bubble wrap is cheap. You choose.
</p>
</div></div>
656889
656889